The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds. For enhanced security we recommend enabling HSTS as described in our security tips.

在一开始的nextcloud文件里加一句话

$ sudo vim /etc/nginx/sites-available/nextcloud

在add_header X-Content-Type-Options nosniff;上面加一行

add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";

重启服务

$ sudo systemctl restart php7.0-fpm&&systemctl restart nginx

---

总结：我的很多问题都出在/etc/nginx/sites-available/nextcloud里